UPD: Updated exercise3
This commit is contained in:
parent
80e6ed2efb
commit
2d43919595
1
.gitignore
vendored
1
.gitignore
vendored
@ -32,6 +32,7 @@ bin/
|
|||||||
.terraform
|
.terraform
|
||||||
*.tfstate
|
*.tfstate
|
||||||
*.tfstate.backup
|
*.tfstate.backup
|
||||||
|
*.tfstate.*.*
|
||||||
.idea
|
.idea
|
||||||
.terraform.lock.hcl
|
.terraform.lock.hcl
|
||||||
terraform-training.iml
|
terraform-training.iml
|
||||||
|
@ -11,11 +11,13 @@
|
|||||||
| Name | Version |
|
| Name | Version |
|
||||||
|------|---------|
|
|------|---------|
|
||||||
| aws | 5.51.1 |
|
| aws | 5.51.1 |
|
||||||
|
| null | 3.2.2 |
|
||||||
|
|
||||||
## Modules
|
## Modules
|
||||||
|
|
||||||
| Name | Source | Version |
|
| Name | Source | Version |
|
||||||
|------|--------|---------|
|
|------|--------|---------|
|
||||||
|
| CloudflareSg | ../../Modules/Compute/security_group | n/a |
|
||||||
| Vpc | terraform-aws-modules/vpc/aws | 5.8.1 |
|
| Vpc | terraform-aws-modules/vpc/aws | 5.8.1 |
|
||||||
| VpcEndpoints | terraform-aws-modules/vpc/aws//modules/vpc-endpoints | 5.8.1 |
|
| VpcEndpoints | terraform-aws-modules/vpc/aws//modules/vpc-endpoints | 5.8.1 |
|
||||||
|
|
||||||
@ -23,6 +25,8 @@
|
|||||||
|
|
||||||
| Name | Type |
|
| Name | Type |
|
||||||
|------|------|
|
|------|------|
|
||||||
|
| [aws_ec2_managed_prefix_list.pl1](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_managed_prefix_list) | resource |
|
||||||
|
| [null_resource.CloudflareIps](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
|
||||||
| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source |
|
| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source |
|
||||||
| [aws_iam_policy_document.dynamodb_endpoint_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
|
| [aws_iam_policy_document.dynamodb_endpoint_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
|
||||||
| [aws_iam_policy_document.s3_endpoint_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
|
| [aws_iam_policy_document.s3_endpoint_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
|
||||||
@ -31,7 +35,6 @@
|
|||||||
|
|
||||||
| Name | Description | Type | Default | Required |
|
| Name | Description | Type | Default | Required |
|
||||||
|------|-------------|------|---------|:--------:|
|
|------|-------------|------|---------|:--------:|
|
||||||
| PrivateSubnets | List of private subnets | `list(string)` | n/a | yes |
|
|
||||||
| VpcCidr | VPC CIDR | `string` | n/a | yes |
|
| VpcCidr | VPC CIDR | `string` | n/a | yes |
|
||||||
| VpcName | Name of VPC | `string` | n/a | yes |
|
| VpcName | Name of VPC | `string` | n/a | yes |
|
||||||
|
|
||||||
@ -39,8 +42,10 @@
|
|||||||
|
|
||||||
| Name | Description |
|
| Name | Description |
|
||||||
|------|-------------|
|
|------|-------------|
|
||||||
| VpcCidr | n/a |
|
| CloudflareSg | Cloudflare security group id |
|
||||||
| VpcId | n/a |
|
| PrivateSubnetCidrs | Private subnet CIDRs |
|
||||||
|
| VpcCidr | Vpc CIDR |
|
||||||
|
| VpcId | Vpc ID |
|
||||||
| last-updated | n/a |
|
| last-updated | n/a |
|
||||||
|
|
||||||
---
|
---
|
||||||
|
@ -1,5 +1,9 @@
|
|||||||
data "aws_availability_zones" "available" {}
|
data "aws_availability_zones" "available" {}
|
||||||
|
|
||||||
|
locals {
|
||||||
|
PrivataSubnets = cidrsubnets(var.VpcCidr, 8, 8)
|
||||||
|
}
|
||||||
|
|
||||||
module "Vpc" {
|
module "Vpc" {
|
||||||
source = "terraform-aws-modules/vpc/aws"
|
source = "terraform-aws-modules/vpc/aws"
|
||||||
version = "5.8.1"
|
version = "5.8.1"
|
||||||
@ -8,8 +12,8 @@ module "Vpc" {
|
|||||||
cidr = var.VpcCidr
|
cidr = var.VpcCidr
|
||||||
azs = slice(data.aws_availability_zones.available.names, 0, 2)
|
azs = slice(data.aws_availability_zones.available.names, 0, 2)
|
||||||
|
|
||||||
private_subnets = var.PrivateSubnets
|
private_subnets = local.PrivataSubnets
|
||||||
private_subnet_names = ["${var.VpcName}Private1", "${var.VpcName}Private2"]
|
private_subnet_names = [for k, v in local.PrivataSubnets : "${var.VpcName}Private${k}"]
|
||||||
enable_dns_hostnames = true
|
enable_dns_hostnames = true
|
||||||
enable_dns_support = true
|
enable_dns_support = true
|
||||||
enable_nat_gateway = false
|
enable_nat_gateway = false
|
||||||
@ -83,4 +87,39 @@ data "aws_iam_policy_document" "dynamodb_endpoint_policy" {
|
|||||||
values = [module.Vpc.vpc_id]
|
values = [module.Vpc.vpc_id]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "null_resource" "CloudflareIps" {
|
||||||
|
provisioner "local-exec" {
|
||||||
|
command = "wget -qO CfIps.json https://api.cloudflare.com/client/v4/ips"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
locals {
|
||||||
|
CfIpJson = jsondecode(file("${path.module}/CfIps.json"))
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "aws_ec2_managed_prefix_list" "pl1" {
|
||||||
|
name = "CloudflareIpRanges"
|
||||||
|
address_family = "IPv4"
|
||||||
|
max_entries = 20
|
||||||
|
dynamic "entry" {
|
||||||
|
for_each = local.CfIpJson.result.ipv4_cidrs
|
||||||
|
content {
|
||||||
|
cidr = entry.value
|
||||||
|
description = "Cloudflare IP"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
module "CloudflareSg" {
|
||||||
|
source = "../../Modules/Compute/security_group"
|
||||||
|
description = "Cloudflare Ip Ranges"
|
||||||
|
egress = {
|
||||||
|
}
|
||||||
|
ingress = {
|
||||||
|
r1 = "tcp,443,443,${aws_ec2_managed_prefix_list.pl1.id},Cloudflare Prefix List"
|
||||||
|
}
|
||||||
|
name = "cloudflare-ips"
|
||||||
|
vpc-id = module.Vpc.vpc_id
|
||||||
}
|
}
|
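Review bot: The `file("${path.module}/CfIps.json")` call in the new `locals` block is evaluated at plan time and carries no dependency on `null_resource.CloudflareIps`, so on a fresh checkout the plan fails before the `local-exec` provisioner has downloaded the file, and on a checkout where the file already exists the provisioner never refreshes it because no `triggers` are set. The downloaded JSON is also consumed without any integrity check and then feeds the prefix list that `module.CloudflareSg` opens tcp/443 to, so a stale or locally altered `CfIps.json` silently changes the security group's ingress; fetching it inside the graph with the `http` data source (`data "http" "cloudflare_ips" { url = "https://api.cloudflare.com/client/v4/ips" }` and `jsondecode(data.http.cloudflare_ips.response_body)`) removes the intermediate file and the ordering problem. If the file approach is kept, add `CfIps.json` to `.gitignore` (the .gitignore hunk in this commit does not list it) and document the manual bootstrap step next to the resource. `max_entries = 20` should carry a comment noting that the apply fails if Cloudflare publishes more IPv4 ranges than that; the current count is not verifiable from here.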
@ -1,7 +1,19 @@
|
|||||||
output "VpcId" {
|
output "VpcId" {
|
||||||
value = module.Vpc.vpc_id
|
value = module.Vpc.vpc_id
|
||||||
|
description = "Vpc ID"
|
||||||
}
|
}
|
||||||
|
|
||||||
output "VpcCidr" {
|
output "VpcCidr" {
|
||||||
value = module.Vpc.vpc_cidr_block
|
value = module.Vpc.vpc_cidr_block
|
||||||
|
description = "Vpc CIDR"
|
||||||
|
}
|
||||||
|
|
||||||
|
output "PrivateSubnetCidrs" {
|
||||||
|
value = module.Vpc.private_subnets_cidr_blocks
|
||||||
|
description = "Private subnet CIDRs"
|
||||||
|
}
|
||||||
|
|
||||||
|
output "CloudflareSg" {
|
||||||
|
value = module.CloudflareSg.id
|
||||||
|
description = "Cloudflare security group id"
|
||||||
}
|
}
|
@ -1,3 +1,2 @@
|
|||||||
VpcName = "TrainingVpc"
|
VpcName = "TrainingVpc"
|
||||||
VpcCidr = "192.168.0.0/16"
|
VpcCidr = "192.168.0.0/16"
|
||||||
PrivateSubnets = ["192.168.100.0/24", "192.168.101.0/24"]
|
|
@ -6,9 +6,4 @@ variable "VpcName" {
|
|||||||
variable "VpcCidr" {
|
variable "VpcCidr" {
|
||||||
type = string
|
type = string
|
||||||
description = "VPC CIDR"
|
description = "VPC CIDR"
|
||||||
}
|
|
||||||
|
|
||||||
variable "PrivateSubnets" {
|
|
||||||
type = list(string)
|
|
||||||
description = "List of private subnets"
|
|
||||||
}
|
}
|